<?php
// +----------------------------------------------------------------------
// | KITEGO-Admin「开箱即用」「人人全栈」
// +----------------------------------------------------------------------
// | Copyright (c) 2016~2024 https://www.kitego.cn All rights reserved.
// +----------------------------------------------------------------------
// | Licensed KITEGO并不是自由软件，未经许可不能去掉KITEGO相关版权
// +----------------------------------------------------------------------
// | Author: KITEGO Team <bd@kitego.cn>
// +----------------------------------------------------------------------

namespace kitego\middleware;

class BanDemoPostMiddleware
{
    // demo环境允许post的接口
    protected $demoSafePost = [];

    public function handle($request, \Closure $next)
    {
        // 无需鉴权的接口放行
        if ($request->invokeController->checkSafeAction()) {
            return $next($request);
        }

        // 非POST接口放行
        if ($request->method() != 'POST') {
            return $next($request);
        }

        $action = $request->controller() . '/' . $request->action();
        if (env('env') == 'demo' && !in_array($action, $this->demoSafePost)) {
            return fail('演示环境不支持修改数据，请下载源码本地部署体验');
        }

        return $next($request);
    }
}